final review ccna


  • 8/8/2019 Final Review CCNA


    OSI Reference Points

    OSI Layer      Data Flow   Network Reference (PDU)   Network Device
    Application    Upper       PDU or Message
    Presentation   Upper       PDU or Message
    Session        Upper       PDU or Message
    Transport      Data Flow   Segment
    Network        Data Flow   Packet or Datagram        Multilayer Switch or Router
    Data Link      Data Flow   Frame                     Switch or Bridge
    Physical       Data Flow   Bits and Signaling        Hub

    OSI Layers

    Application
      Purpose: Provides services to network applications. This layer is responsible for determining resource availability, identifying communication peers, and synchronizing communication between the applications.
      Examples: Simple Mail Transfer Protocol (SMTP), Telnet, File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), HyperText Transfer Protocol (HTTP)

    Presentation
      Purpose: Provides the coding and conversion functions applied to data going to or coming from the Application layer, so that both ends use a common scheme to encode the data. The list of formats is by no means complete: text can be ASCII or EBCDIC, images JPEG, GIF or TIFF, sound and video MPEG or QuickTime.
      Examples: ASCII (text), EBCDIC (text), JPEG (image), GIF (image), TIFF (image), MPEG (sound/video), QuickTime (sound/video)

    Session
      Purpose: Maintains communication sessions between upper-layer applications. This layer is responsible for establishing, maintaining, and terminating such sessions.
      Examples: Session Control Protocol (SCP), Remote Procedure Call (RPC) from Unix, Zone Information Protocol (ZIP) from AppleTalk

    Transport
      Purpose: Responsible for end-to-end data transmission, which can be either reliable (connection-oriented) or non-reliable (connectionless). This layer organizes data from the various upper-layer applications into data streams, and handles end-to-end flow control, multiplexing, virtual circuit management, and error checking and recovery.
      Examples: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) from the TCP/IP suite

    Network
      Purpose: Uses administrator-defined logical addressing to combine many data flows into an internetwork. Allows both connection-oriented and connectionless data flows to access the network. Network layer addresses define a network hierarchy; devices are normally grouped together by their common Network Layer address (prefix).
      Examples: Internet Protocol (IP)

    Data Link
      Purpose: Provides either reliable or non-reliable transmission of data across a physical medium. Most networks use a non-reliable data link layer, such as Ethernet or Token Ring. The Data Link Layer gives each device a physical address called a Media Access Control (MAC) address, typically burned into the network interface card (NIC). It also uses a Logical Link Control (LLC) header to identify the type of Network Layer data travelling inside the frame.
      Examples: LAN: Ethernet/IEEE 802.3 (including Fast Ethernet), 802.3z (Gigabit Ethernet), Token Ring/IEEE 802.5, FDDI (from ANSI). WAN: High-Level Data Link Control (HDLC), Point-to-Point Protocol (PPP), Frame Relay

    Physical
      Purpose: Defines the electrical, mechanical, and functional specifications for maintaining a physical link between network devices: voltage levels, timing and clock rates, maximum transmission distances, and the physical connectors used.
      Examples: LAN: Category 3 cabling, Category 5 cabling. WAN: EIA/TIA-232, EIA/TIA-449, V.35

    TCP/IP Layers

    Transmission Control Protocol (TCP)
      OSI reference: Transport Layer (Layer 4)
      Function: Reliable and connection-oriented. Uses sequence and acknowledgement numbers to provide reliability, and verifies that the remote end is listening before sending data (three-way handshake).

    User Datagram Protocol (UDP)
      OSI reference: Transport Layer (Layer 4)
      Function: Non-reliable and connectionless. No sequence or acknowledgement numbers, and no far-end verification.

    Internet Protocol (IP)
      OSI reference: Network Layer (Layer 3)
      Function: Provides the logical addressing structure. Offers connectionless, best-effort delivery of packets (datagrams).

    IP Protocols

    Internet Control Message Protocol (ICMP)
      Provides control and feedback messages between IP devices.

    Address Resolution Protocol (ARP)
      Given a destination IP address, resolves (discovers) the destination MAC (Layer 2) address to use. Maps a Layer 3 address to a Layer 2 address.

    Reverse Address Resolution Protocol (RARP)
      Given its own MAC address, a host obtains an IP address from a RARP server. Maps a Layer 2 address to a Layer 3 address. RARP is an early precursor of BOOTP and DHCP.


    IP Addresses

    Class  First Bits  First Octet Range  Number of Networks  Hosts per Network  Network Octets  Host Octets
    A      0xxx        1 - 126*           126                 16.7 million       1 (N.H.H.H)     3
    B      10xx        128 - 191          16 thousand         65 thousand        2 (N.N.H.H)     2
    C      110x        192 - 223          2 million           254                3 (N.N.N.H)     1
    D**    1110        224 - 239          N/A                 N/A                N/A             N/A
    E**    1111        240 - 255          N/A                 N/A                N/A             N/A

    * 127 is reserved for the loopback address.
    ** Class D is used for multicast group addressing; Class E is reserved for experimental use.

    Default Subnet Masks
    Default Class A mask 255.0.0.0     = N.H.H.H
    Default Class B mask 255.255.0.0   = N.N.H.H
    Default Class C mask 255.255.255.0 = N.N.N.H

    6 Steps to Subnetting

    Step  Rule                                                                   What is learned
    1     Divide the prefix length (CIDR /n) by 8                                Quotient: which octet to work in. Remainder: bits borrowed in that octet
    2     Plug the remainder into the subnetting chart                           Mask value for the working octet and the multiplier (block size)
    3     AND the working octet of the address with the mask value               Base (network) address
    4     Add the multiplier to the base address and subtract 1                  Broadcast address
    5     Use the remainder as the exponent s in 2^s - 2                         Number of subnets (2^s when ip subnet-zero is in effect, the IOS default)
    6     Subtract the remainder from 8 and use it as the exponent h in 2^h - 2  Number of hosts per subnet

    Step 6 as written only holds when the working octet is the last one. In general h is the total number of host bits, 32 - n: for a /20 that is 12 bits and 4094 hosts, not 2^4 - 2 = 14.

    Subnetting Chart

    Bits borrowed (remainder)   1     2     3     4     5     6     7     8
    Exponent (2^x)              7     6     5     4     3     2     1     0
    Subnet mask value           128   192   224   240   248   252   254   255
    Bit value (multiplier)      128   64    32    16    8     4     2     1


    Possible Subnet Mask Values for One Octet

    Decimal Mask   Binary Mask   Network Bits   Host Bits
    0              00000000      0              8
    128            10000000      1              7
    192            11000000      2              6
    224            11100000      3              5
    240            11110000      4              4
    248            11111000      5              3
    252            11111100      6              2
    254            11111110      7              1
    255            11111111      8              0

    Possible Class C Subnet Masks

    Decimal Mask       Network Bits (s)   Host Bits (h)   Number of Subnets (2^s - 2)   Number of Hosts (2^h - 2)
    255.255.255.0      0                  8               0                             254
    255.255.255.128    1                  7               N/A                           N/A
    255.255.255.192    2                  6               2                             62
    255.255.255.224    3                  5               6                             30
    255.255.255.240    4                  4               14                            14
    255.255.255.248    5                  3               30                            6
    255.255.255.252    6                  2               62                            2
    255.255.255.254    7                  1               N/A                           N/A
    255.255.255.255    8                  0               N/A                           N/A

    The N/A entries follow the classic rule that the all-zeros and all-ones subnets are unusable. Current IOS has ip subnet-zero enabled by default, so the subnet count is 2^s in practice: 255.255.255.128 then gives 2 subnets of 126 hosts. 255.255.255.254 (/31) is usable on point-to-point links (RFC 3021), and 255.255.255.255 (/32) is a host route.
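    The six steps above, applied by a short subnet calculator. This is an added example and not part of the original review sheet; the addresses in the demo are constructed. The ANDing of step 3 is done on 32-bit integers so it is visible, the subnet count is given both the classic way (2^s - 2) and with ip subnet-zero (2^s), and the result is cross-checked against Python's ipaddress module.

```python
"""Subnet calculator that walks the six subnetting steps.

Added example, not part of the original review sheet. Works on 32-bit
integers so the ANDing is visible, then cross-checks against ipaddress.
"""
import ipaddress


def parse_ip(text: str) -> int:
    """Dotted decimal -> 32-bit integer."""
    octets = [int(o) for o in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {text}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def format_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """A /prefix mask is `prefix` one bits followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def classful_prefix(ip: int) -> int:
    """Default mask length from the first octet (Class A/B/C)."""
    first = ip >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("Class D/E addresses are not subnetted")


def subnet_info(cidr: str, subnet_zero: bool = True) -> dict:
    """Apply the six steps to e.g. '172.16.10.1/20'."""
    ip_text, prefix_text = cidr.split("/")
    ip, prefix = parse_ip(ip_text), int(prefix_text)
    mask = prefix_to_mask(prefix)
    # Step 1: quotient = full network octets, remainder = bits borrowed
    # inside the working octet (the octet holding the last network bit).
    full_octets, remainder = divmod(prefix, 8)
    working_octet = full_octets + 1 if remainder else full_octets
    # Step 2: multiplier (block size) in the working octet = 256 - mask octet.
    multiplier = 256 >> remainder if remainder else 256
    # Step 3: AND address with mask -> base (network) address.
    network = ip & mask
    # Step 4: broadcast = network + block size - 1, done over all 32 bits so
    # it is right even when the working octet is not the last one.
    broadcast = network + (1 << (32 - prefix)) - 1
    # Steps 5/6: s = bits borrowed beyond the classful mask, h = host bits.
    subnet_bits = prefix - classful_prefix(ip)
    host_bits = 32 - prefix
    subnets = 2 ** subnet_bits if subnet_zero else max(2 ** subnet_bits - 2, 0)
    hosts = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "mask": format_ip(mask),
        "working_octet": working_octet,
        "multiplier": multiplier,
        "network": format_ip(network),
        "broadcast": format_ip(broadcast),
        "first_host": format_ip(network + 1) if host_bits >= 2 else None,
        "last_host": format_ip(broadcast - 1) if host_bits >= 2 else None,
        "subnets": subnets,
        "hosts": hosts,
    }


def cross_check(cidr: str) -> bool:
    """Compare our arithmetic with ipaddress (strict=False tolerates host bits)."""
    ours = subnet_info(cidr)
    ref = ipaddress.ip_network(cidr, strict=False)
    return (ours["network"] == str(ref.network_address)
            and ours["broadcast"] == str(ref.broadcast_address)
            and ours["mask"] == str(ref.netmask))


if __name__ == "__main__":
    # Constructed demo inputs.
    for example in ("172.16.10.1/20", "192.168.1.77/26", "10.1.2.3/8"):
        print(example, subnet_info(example), "ok" if cross_check(example) else "MISMATCH")
```

    Pass subnet_zero=False to reproduce the 2^s - 2 column of the Class C table above; the default reproduces what a current IOS router actually accepts.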

    Port Numbers
    Well-known ports are 0-1023 and are assigned to well-known services. Ports 1024-49151 are registered ports and 49152-65535 are dynamic (ephemeral) ports; a client in a client/server application normally picks its source port at random from above 1023, so a filter that permits "source port greater than 1023" is not a meaningful restriction.

    Application                                  Port      Transport
    File Transfer Protocol (FTP)                 20/21     TCP
    Telnet                                       23        TCP
    Simple Mail Transfer Protocol (SMTP)         25        TCP
    Domain Name System (DNS)                     53        TCP
    Domain Name System (DNS)                     53        UDP
    Trivial File Transfer Protocol (TFTP)        69        UDP
    Simple Network Management Protocol (SNMP)    161/162   UDP
    Routing Information Protocol (RIP)           520       UDP


    Network Hierarchy

    Core
      Purpose: Moves network traffic as fast as possible. Characteristics include fast transport to enterprise services and no packet manipulation.
      Devices: High-speed routers, multilayer switches

    Distribution
      Purpose: Performs packet manipulation such as filtering (security), routing (path determination), and WAN access (frame conversion). The distribution layer aggregates the various access layers. Security is implemented here, as well as broadcast and multicast control and media translation between LAN and WAN frame types.
      Devices: Routers

    Access
      Purpose: Where end stations are introduced to the network; the entry point for virtually all workstations.
      Devices: Switches, bridges, hubs

    Half-Duplex vs. Full-Duplex

    Half-Duplex
      Network devices use the same pair of wires to both transmit and receive. Only 50% of the available bandwidth can be used in one direction, because the same bandwidth serves sending and receiving. Available bandwidth decreases as the number of devices in the collision domain increases. Used through hubs (Layer 1 devices), where everyone shares the available bandwidth.
      Default: 10 Mbps ports (auto-negotiated by default)

    Full-Duplex
      Uses one pair of wires for sending and another pair for receiving, effectively doubling the bandwidth: it is possible to send and receive at the same time. Must be a point-to-point connection, such as PC/server-to-switch or router-to-switch. Every device has its own collision domain (individual bandwidth) on its switch port.
      Default: 100 Mbps ports (auto-negotiated by default)

    LAN Segmentation = Dividing Up Collision Domains

    Bridge
      Examines the destination MAC address and makes filtering/forwarding decisions based on it. Unknown unicast, broadcast, and multicast frames are flooded out all ports except the one they arrived on. Each port of a bridge is a collision domain.

    Switch
      Examines the destination MAC address and makes filtering/forwarding decisions based on it. Unknown unicast, broadcast, and multicast frames are flooded out all ports within that VLAN except the one they arrived on. Each port of a switch is a collision domain; each VLAN is a broadcast domain. Benefits include simpler moves, adds, and changes, lower administrative cost, broadcast control, tighter security, load distribution, and the ability to move servers into a secure location.

    Router
      Examines the destination network (logical, Layer 3) address and makes filtering/forwarding decisions based on it. Packets for unknown networks are discarded and Layer 2 broadcasts are not forwarded. Each port of a router is both a collision domain and a broadcast domain.


    Comparison of Bridges and Switches

    Bridges                        Switches
    Software based                 Hardware based (port-level ASICs)
    Relatively slow                Comparatively fast
    One STP instance per bridge    Possibly many STP instances per switch (one per VLAN)
    Typically up to 16 ports       Possibly hundreds of ports

    LAN Switch Functions

    Address Learning
      Dynamically learns MAC addresses by reading the source MAC address of each arriving frame. If the address is not in the current MAC table, and there is enough space to store it, the address and the inbound port are stored.

    Forward/Filter
      Compares the destination MAC address of the arriving frame with the dynamically learned MAC table. If the address is in the table, the frame is forwarded only out the port listed there and is thus filtered from all other ports. If the MAC address is not in the table (unknown unicast), or the frame is a broadcast or multicast, it is flooded out every port except the one it arrived on.

    Loop Avoidance
      Because a switch floods unknown unicast, broadcast, and multicast frames by default, a single frame can loop endlessly through a redundant (multiple-path) network. The Spanning Tree Protocol (STP) is therefore enabled to prevent loops in a redundant switched network.
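    A simulation of the three functions above, as an added example that is not part of the original review sheet. The MAC table has a fixed capacity, mirroring the "if there is enough space to store it" condition: once it fills, new source addresses are not learned and frames to those hosts keep being flooded, which is what a MAC-flooding attacker relies on to see unicast traffic that a healthy switch would filter. The capacity of 4, the port count and the MAC addresses are constructed for the demo.

```python
"""Learning switch: address learning, forward/filter, flooding, with a
bounded MAC table. Added example, not from the original review sheet."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    """Group bit (LSB of the first octet) set => multicast or broadcast."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class Switch:
    ports: int
    capacity: int                                   # constructed limit on MAC table size
    mac_table: dict = field(default_factory=dict)   # mac -> port
    unlearned: int = 0                              # sources dropped for lack of space

    def learn(self, frame: Frame, in_port: int) -> None:
        """Address learning: source MAC -> inbound port, if there is room."""
        if frame.src in self.mac_table:
            self.mac_table[frame.src] = in_port     # host moved: refresh entry
        elif len(self.mac_table) < self.capacity:
            self.mac_table[frame.src] = in_port
        else:
            self.unlearned += 1                     # table full, address not stored

    def forward(self, frame: Frame, in_port: int) -> list:
        """Forward/filter: return the egress ports for the frame."""
        self.learn(frame, in_port)
        unknown = frame.dst not in self.mac_table
        if frame.dst == BROADCAST or is_multicast(frame.dst) or unknown:
            # Flood out every port except the one the frame arrived on.
            return [p for p in range(1, self.ports + 1) if p != in_port]
        out = self.mac_table[frame.dst]
        return [] if out == in_port else [out]      # filter if same segment


def demo() -> dict:
    """Normal learning, then a MAC flood from port 3 that fills the table."""
    sw = Switch(ports=4, capacity=4)
    a, b, c = "00:00:0c:00:00:01", "00:00:0c:00:00:02", "00:00:0c:00:00:03"
    first = sw.forward(Frame(src=a, dst=b), in_port=1)      # B unknown: flooded
    sw.forward(Frame(src=b, dst=a), in_port=2)              # B learned on port 2
    learned = sw.forward(Frame(src=a, dst=b), in_port=1)    # now a single port
    # Attacker on port 3 sprays frames with made-up source addresses.
    for i in range(100):
        fake = f"de:ad:be:ef:{i // 256:02x}:{i % 256:02x}"
        sw.forward(Frame(src=fake, dst=BROADCAST), in_port=3)
    # Host C on port 4 can no longer be learned, so frames to C are flooded,
    # including out port 3 where the attacker is listening.
    sw.forward(Frame(src=c, dst=a), in_port=4)
    to_c = sw.forward(Frame(src=a, dst=c), in_port=1)
    return {"first": first, "learned": learned, "to_c": to_c,
            "table_size": len(sw.mac_table), "unlearned": sw.unlearned}


if __name__ == "__main__":
    print(demo())
```

    On Cisco switches, switchport port-security with a maximum address count per port is the control that stops one port from filling the table this way.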

    Forwarding Modes in a Switch

    Store-and-Forward
      The entire frame is buffered, the CRC is checked for errors, and the frame is checked for correct size (Ethernet: 64 to 1518 bytes).
      Latency: relatively high; varies with frame size.

    Cut-Through
      The frame is forwarded as soon as the destination MAC address (the first 6 bytes) has arrived and been looked up in the MAC address table. Buffers until the 6th byte arrives.
      Latency: lowest; fixed delay of 6 buffered bytes. Not configurable on a Catalyst 1900.

    Fragment-Free (Cisco)
      The frame is forwarded once the first 64 bytes have arrived. Buffers until the 64th byte. Ethernet collisions normally occur within the first 64 bytes, so a frame that reaches 64 bytes intact was not involved in a collision.
      Latency: low; fixed delay of 64 buffered bytes. Default on a Catalyst 1900.


    Sources of Switching/Bridging Loops

    Redundant Topology
      Unknown frames are flooded out all ports. If there are multiple paths, a flood goes out all ports except the originator and comes back in on the other ports, creating a loop.

    Multiple Frame Copies
      Two machines live on the same wire and send frames to each other without assistance. If two bridges/switches are attached to that wire and are also connected to each other, a new (unknown) frame from one machine goes directly to the other machine on the same wire, is also flooded through the bridges/switches to the connected wire, and is flooded back through them to the original wire. The receiving machine receives multiple copies of the same frame.

    MAC Database Instability
      Because of the bridging/switching loop in the scenario above, one bridge/switch learns the same MAC address on different ports. When it needs to forward a frame to that destination MAC address, it has two possible destination ports.

    Solutions to Bridging/Switching Loops

    802.1D Spanning Tree Protocol (STP)

    Bridges/switches communicate with Bridge Protocol Data Units (BPDUs). A BPDU carries the sender's Bridge ID and the Root ID. Each bridge/switch has a unique Bridge ID, made of the priority (or priority plus extended system ID) followed by the base MAC address of the bridge/switch. Only the priority (or priority and extended system ID) can be changed by the administrator.

    The device with the lowest Bridge ID becomes the Root. Initially, before receiving any BPDUs from other devices, every bridge/switch assumes it is the Root and sends its own BPDU to every other bridge/switch. The same thing happens whenever a new bridge/switch is added to an existing network. After that round of BPDUs every bridge/switch knows the lowest Bridge ID (the Root device). From then on only the Root originates configuration BPDUs; the other bridges/switches relay them out their designated ports with their own cost added. BPDUs are sent, by default, every two (2) seconds (the hello time).

    Every bridge/switch receives BPDUs from the Root. If it receives the Root's BPDU on more than one port, there is more than one path to the Root, that is, a loop. The BPDU with the lowest cost identifies the best path to the Root. The goal of every non-root bridge/switch is to find the most efficient path to the Root. Ports that are not on the most efficient path to the Root, and are not needed to reach any downstream bridge/switch, are blocked. Blocked ports still receive BPDUs.

    If the primary path stops receiving BPDUs, STP eventually forwards on an alternate port: the blocked ports are re-evaluated to find the most efficient one, and that port is unblocked so that a path to the Root is re-established.

    Forwarding ports are also called designated ports (DP). Blocked ports are also called non-designated ports (BLK). The port that forwards toward the Root is the root port (RP). The Root bridge's/switch's ports never block; they are always designated ports (DP).

    Bridge/switch convergence is the time between a break occurring and STP calculating an alternate path: typically 30 to 50 seconds. Port convergence is the time STP takes to decide whether a port will be forwarding or blocking: typically 50 seconds (20 s max age + 15 s listening + 15 s learning).

    Because any device that sends a BPDU with a lower Bridge ID takes over as Root, protect edge ports with BPDU guard (spanning-tree bpduguard enable) and uplinks that must never lead toward the Root with root guard (spanning-tree guard root).

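    Root election and root-port selection as described above, as an added example that is not from the original review sheet. Bridge IDs, port costs and the topology are constructed. The second half of the demo adds a device advertising priority 0; the election accepts it as the new Root and every bridge's root port is recomputed through it.

```python
"""802.1D root election and root-port selection.
Added example, not from the original review sheet; topology is constructed."""
import heapq


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID compares as (priority, base MAC); the lowest value wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges: dict) -> str:
    """bridges: name -> (priority, mac). The lowest Bridge ID becomes the Root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_ports(bridges: dict, links: list) -> dict:
    """For each non-root bridge: (neighbour on its root port, path cost to the Root).

    links: (bridge_a, bridge_b, port_cost). Dijkstra from the Root; equal-cost
    paths prefer the lower sender Bridge ID, the same tie-break a BPDU
    comparison uses.
    """
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))
    best = {root: (0, None)}                       # bridge -> (cost, previous hop)
    heap = [(0, bridge_id(*bridges[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                               # stale heap entry
        for nbr, link_cost in adj[node]:
            if nbr == root:
                continue
            candidate = (cost + link_cost, bridge_id(*bridges[node]))
            current = best.get(nbr)
            if current is None or candidate < (current[0], bridge_id(*bridges[current[1]])):
                best[nbr] = (candidate[0], node)
                heapq.heappush(heap, (candidate[0], candidate[1], nbr))
    return {name: (prev, cost) for name, (cost, prev) in best.items() if name != root}


# Constructed topology: all three switches at the default priority 32768, so
# the lowest MAC (SW1) wins. SW3 reaches SW1 more cheaply via SW2 (4 + 4)
# than over its direct but slower link (19).
BRIDGES = {
    "SW1": (32768, "00:00:0c:00:00:01"),
    "SW2": (32768, "00:00:0c:00:00:02"),
    "SW3": (32768, "00:00:0c:00:00:03"),
}
LINKS = [("SW1", "SW2", 4), ("SW2", "SW3", 4), ("SW1", "SW3", 19)]


def demo() -> dict:
    """Normal election, then the same network with a rogue device at priority 0."""
    rogue = dict(BRIDGES, ATK=(0, "de:ad:be:ef:00:01"))
    rogue_links = LINKS + [("ATK", "SW3", 4)]
    return {
        "root": elect_root(BRIDGES),
        "root_ports": root_ports(BRIDGES, LINKS),
        "rogue_root": elect_root(rogue),
        "rogue_root_ports": root_ports(rogue, rogue_links),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

    In the rogue case every root port now points toward ATK, so all inter-switch traffic is pulled across the attacker's link.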

    IOS and Configuration File Locations

    Memory Type   Contents
    RAM           Operating environment: the running IOS, the active (running) configuration, routing tables and buffers
    NVRAM         Backup (startup) copy of the configuration file; a single file only
    ROM           Bootstrap code, ROM Monitor (ROMMON), and on hardware that supports it a subset IOS (RxBoot)
    Flash         Compressed IOS image (uncompressed on the 2500 series); can also hold other binary files if there is enough space
    PCMCIA        Like Flash; some platforms have several PCMCIA slots
    Shared I/O    I/O buffers for the interfaces

    Enhanced Editing Commands

    Function                                             Syntax
    Move to beginning of line                            Ctrl-A
    Move to end of line                                  Ctrl-E
    Move back one word                                   Esc-B
    Move forward one word                                Esc-F
    Recall previous command (up in history buffer)       Ctrl-P or up arrow
    Move down through history buffer                     Ctrl-N or down arrow

    Operating Modes

    Mode            Prompt            Sample Functions
    User            Router>           Read-only privileges: examine interface status, examine router status
    Privileged      Router#           Full privileges to read, write, modify, copy, and delete: examine interface status, router status, and the configuration file; change the IOS image and the configuration file
    Configuration   Router(config)#   Modify the active (running) configuration file

    Example (entering privileged mode; the enable secret is typed at the prompt, never on the command line):
    Router> enable
    Password:
    Router#

    Example (entering configuration mode):
    Router# configure terminal
    Router(config)#


    Some Miscellaneous IOS Commands

    Function                                                   Mode                 Syntax
    Configure a banner                                         Config               Router(config)# banner motd # banner text #
    Configure the router name                                  Config               Router(config)# hostname name
    Examine the backup configuration in NVRAM                  Privileged           Router# show startup-config
    Examine the active configuration in RAM                    Privileged           Router# show running-config
    Display the contents of Flash memory                       User or Privileged   Router> show flash
    Save the active configuration to NVRAM                     Privileged           Router# copy running-config startup-config
    Restore the backup configuration to RAM                    Privileged           Router# copy startup-config running-config
    Save the active configuration to a TFTP server             Privileged           Router# copy running-config tftp
    Restore a configuration file from a TFTP server            Privileged           Router# copy tftp running-config
    Write the current IOS out to a TFTP server                 Privileged           Router# copy flash tftp
    Load a different IOS into the router                       Privileged           Router# copy tftp flash
    Erase the backup configuration from NVRAM                  Privileged           Router# erase startup-config
    Boot using a different IOS in Flash                        Config               Router(config)# boot system flash filename
    Boot from a TFTP server                                    Config               Router(config)# boot system tftp filename ip-address
    Configure the router as a TFTP server                      Config               Router(config)# tftp-server flash filename
    Reboot the router                                          Privileged           Router# reload
    Use the setup utility                                      Privileged           Router# setup
    Display directly connected Cisco neighbours                User or Privileged   Router> show cdp neighbors
    Display the command history buffer                         User or Privileged   Router> show history
    Configure the length of the history buffer                 User or Privileged   Router> terminal history size line-count
    Display the IOS version, uptime, memory and interfaces     User or Privileged   Router> show version
    Configure logout delay                                     Line Config          Router(config-line)# exec-timeout minutes seconds
    Configure clocking on a DCE interface                      Interface Config     Router(config-if)# clock rate bps-value
    Configure the bandwidth on an interface                    Interface Config     Router(config-if)# bandwidth kbps-value
    Display the physical characteristics of an interface       User or Privileged   Router> show interfaces type number
    Display the logical (Layer 3) status of an interface       User or Privileged   Router> show protocols type number
    Display the IP routing table                               User or Privileged   Router> show ip route

    Copying a file into running-config merges it into the active configuration rather than replacing it. TFTP carries images and configurations in cleartext with no authentication, so use it only on an isolated management network.


    Password Configuration

    User mode, console port
      Router# configure terminal
      Router(config)# line console 0
      Router(config-line)# password string
      Router(config-line)# login

    User mode, auxiliary port
      Router# configure terminal
      Router(config)# line aux 0
      Router(config-line)# password string
      Router(config-line)# login

    User mode, VTY access
      Router# configure terminal
      Router(config)# line vty 0 4
      Router(config-line)# password string
      Router(config-line)# login

    Encrypting line and enable passwords
      Router(config)# service password-encryption

    Privileged mode (secret)
      Router# configure terminal
      Router(config)# enable secret string

    Privileged mode (enable)
      Router# configure terminal
      Router(config)# enable password string

    service password-encryption only obscures the passwords with the reversible type 7 encoding, so anyone who can read the configuration can recover them. enable secret stores a hash instead (type 5 MD5 on older IOS; enable algorithm-type scrypt gives type 9 where supported) and takes precedence over enable password when both are set: configure the secret and treat enable password as legacy. For the lines, login local together with username name secret string is preferable to a shared line password.
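    Why service password-encryption is not real protection, as an added example that is not from the original review sheet. Cisco type 7 strings are the password XORed with a fixed, publicly known key, so anyone who can read the configuration can reverse them. The encoder is included so the round trip can be checked; the sample configuration and password are constructed.

```python
"""Cisco "type 7" password encoding and decoding.
Added example, not from the original review sheet; the sample config is constructed."""
XLAT = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"   # fixed key used by IOS


def type7_decode(encoded: str) -> str:
    """'SSHHHH..': SS is a two-digit decimal seed (offset into XLAT), then hex
    bytes, each XORed with the key character at (seed + position)."""
    if len(encoded) < 4 or len(encoded) % 2:
        raise ValueError("type 7 strings have an even length of at least 4")
    seed = int(encoded[:2])
    if not 0 <= seed < len(XLAT):
        raise ValueError("seed out of range")
    chars = []
    for i, pos in enumerate(range(2, len(encoded), 2)):
        byte = int(encoded[pos:pos + 2], 16)
        chars.append(chr(byte ^ ord(XLAT[(seed + i) % len(XLAT)])))
    return "".join(chars)


def type7_encode(plain: str, seed: int = 8) -> str:
    """Inverse of type7_decode; IOS itself picks the seed from 0..15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 0..15")
    body = "".join(f"{ord(c) ^ ord(XLAT[(seed + i) % len(XLAT)]):02X}"
                   for i, c in enumerate(plain))
    return f"{seed:02d}{body}"


def find_type7(config_text: str) -> list:
    """Return (config line, recovered password) for every '... 7 <hex>' entry."""
    found = []
    for raw in config_text.splitlines():
        parts = raw.split()
        if len(parts) >= 3 and parts[-2] == "7":
            try:
                found.append((raw.strip(), type7_decode(parts[-1])))
            except ValueError:
                continue
    return found


# Constructed sample: what `show running-config` shows after
# `service password-encryption` with the password "cisco".
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 0822455D0A16
line con 0
 password 7 0822455D0A16
 login
"""

if __name__ == "__main__":
    for line, password in find_type7(SAMPLE_CONFIG):
        print(f"{line!r} -> {password!r}")
```

    A configuration audit can run find_type7 over every saved config; any hit is a cleartext credential.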


    Routing
    The process of maintaining a table of destination network addresses. A router discards packets for networks that are not in its table (unless a default route is configured).

    Sources of Routing Information

    Static
      Manually configured by an administrator. Must account for every destination network. Each static route must be configured on each router. No overhead in processing, sending, or receiving updates; saves bandwidth and router CPU. The routing table is maintained by the administrator.

    Dynamic
      A process that automatically exchanges information about available routes and uses metrics to determine the best path to a destination network. The routing protocol must be configured on each router. Bandwidth is consumed as routing updates are transmitted between routers, and router CPU is used to process, send, and receive routing information. The routing table is maintained by the routing process.

    Routing Configuration Commands

    Static
      Router(config)# ip route dest-network subnet-mask {next-hop | exit-interface}
      dest-network is the destination network; subnet-mask is its mask; next-hop is the IP address of the neighbouring router; exit-interface is the local interface the packets leave through. One of next-hop or exit-interface is required (on multi-access interfaces they can also be combined as exit-interface followed by next-hop).

      Example:
      Router# configure terminal
      Router(config)# ip route 172.16.0.0 255.255.0.0 serial0
      or
      Router(config)# ip route 172.16.0.0 255.255.0.0 172.16.1.1

    Dynamic
      Router(config)# router protocol [keyword]
      Router(config-router)# network network-number
      protocol is the routing protocol being used; keyword is an optional parameter for some routing protocols (for example the OSPF process ID); network-number is a directly connected network on which routing updates are sent and received. The network command enables the protocol on every interface whose address falls within that network.

      Example 1:
      Router# configure terminal
      Router(config)# router rip
      Router(config-router)# network 172.16.0.0
      Router(config-router)# network 192.168.20.0

      Example 2:
      Router(config)# router ospf 100
      Router(config-router)# network 172.16.0.0 0.0.255.255 area 0
      Router(config-router)# network 192.168.20.0 0.0.0.255 area 0


    Types of Routing Protocol

    Interior
      Used within a common administrative domain called an Autonomous System (AS). Typically a single AS is controlled by a single authority or company. Interior routing protocols are used within a corporate network.

    Exterior
      Used to connect Autonomous Systems and exchange routing information between different administrative domains. Exterior protocols connect sites within a very large corporate network, or connect a network to the Internet.

    Classes of Routing Protocol

    Distance Vector
      Maintains a vector (direction and distance) to each network in the routing table. Typically sends periodic routing updates (every update interval) containing the entire routing table. Updates are processed and then re-sent by each router, so they are second-hand information (routing by rumour). Typically prone to routing loops (disagreement between routers) and to count to infinity (routing metrics that keep accumulating indefinitely). Solutions to these problems include:
      Split horizon: do not send updates back out the interface they came from; eliminates back-to-back router loops.
      Maximum metric: define a metric value that means unreachable; eliminates the count-to-infinity problem.
      Route poisoning: set the advertised metric to the maximum value on routes that have gone down.
      Poison reverse: overrides split horizon by telling the source of a route that the route has gone down.
      Hold-down timers: eliminate long-distance loops by ignoring updates about possibly down routes whose metrics are worse than the current metric, for a period of time.
      Triggered updates: send an individual update immediately when a route is thought to be down rather than waiting for the periodic update timer (also called flash updates).

    Link State
      Maintains a complete topological map (database) of the entire network, separate from the routing table (forwarding table). Sends updates only when necessary, and only the information that has changed, not the entire database. Sends information from the database, not from the routing table. The initial routing update is flooded to every link state router in the network via a multicast IP address, not passed on as a processed copy as with distance vector protocols. The routing table is calculated individually on each router from its database by the Shortest Path First (SPF) algorithm. The database typically needs as much memory as the routing table, and running SPF is CPU intensive. Uses hello packets to maintain a database of link state neighbours throughout the network.
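    A distance-vector simulation of the count-to-infinity problem and of three of the fixes listed above (maximum metric, route poisoning, split horizon), as an added example that is not from the original review sheet. The three-router chain A - B - C with a RIP-style hop-count metric is constructed. Network N is directly connected to A; when it fails, A poisons it by advertising metric 16. Without split horizon B still advertises N back toward A, so A believes B has a path and the two count each other up until the maximum metric stops them. With split horizon B never sends the route back toward A and the withdrawal converges in a couple of rounds.

```python
"""Count to infinity with and without split horizon.
Added example, not from the original review sheet; topology is constructed."""
INFINITY = 16                       # RIP: 16 hops means unreachable


class Router:
    def __init__(self, name, neighbours, connected=()):
        self.name = name
        self.neighbours = list(neighbours)
        # network -> (metric, next_hop); next_hop None = directly connected
        self.table = {net: (0, None) for net in connected}

    def advertise(self, to, split_horizon):
        """Routes sent to neighbour `to` in one periodic update."""
        return {net: metric for net, (metric, nh) in self.table.items()
                if not (split_horizon and nh == to)}

    def receive(self, frm, update):
        """Bellman-Ford step: take a better route, or follow the next hop's change."""
        for net, metric in update.items():
            new = min(metric + 1, INFINITY)         # maximum metric bounds the count
            cur = self.table.get(net)
            if cur is None or new < cur[0] or cur[1] == frm:
                self.table[net] = (new, frm)


def update_round(routers, split_horizon):
    """One synchronous update cycle: collect every update, then apply them all."""
    updates = {(s.name, t): s.advertise(t, split_horizon)
               for s in routers.values() for t in s.neighbours}
    for (s, t), upd in updates.items():
        routers[t].receive(s, upd)


def build():
    return {"A": Router("A", ["B"], connected=["N"]),
            "B": Router("B", ["A", "C"]),
            "C": Router("C", ["B"])}


def metrics(routers, net):
    return tuple(routers[n].table[net][0] for n in "ABC")


def simulate_failure(split_horizon, max_rounds=40):
    """Converge, fail N at A, then run rounds until the metrics stop changing.
    Returns the (A, B, C) metrics for N after each round."""
    routers = build()
    for _ in range(5):
        update_round(routers, split_horizon)
    assert metrics(routers, "N") == (0, 1, 2)
    routers["A"].table["N"] = (INFINITY, None)      # route poisoning: N is down
    history = []
    for _ in range(max_rounds):
        update_round(routers, split_horizon)
        history.append(metrics(routers, "N"))
        if len(history) >= 2 and history[-1] == history[-2]:
            break
    return history


if __name__ == "__main__":
    print("split horizon on :", simulate_failure(True))
    print("split horizon off:", simulate_failure(False))
```

    With split horizon off, the printed history shows A and B trading ever-larger metrics two hops at a time until all three routers reach 16; with it on, B and C learn the poisoned route within two rounds.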


    Examples of Routing Protocols

    Routing Information Protocol (RIP)
      Class: Distance vector, interior
      Sends periodic updates every 30 seconds by default. Sends the entire routing table out every interface, minus the routes learned from that interface (split horizon). Uses hop count as the metric; the maximum reachable hop count is 15 (16 is defined as unreachable). RIP v1 sends updates as broadcasts; RIP v2 uses the multicast address 224.0.0.9.

    Interior Gateway Routing Protocol (IGRP)
      Class: Distance vector, interior
      Sends periodic updates every 90 seconds by default. Sends the entire routing table out every interface, minus the routes learned from that interface (split horizon). Uses a composite metric of bandwidth, delay, reliability, load, and MTU, but only bandwidth and delay by default (configurable). Tracks hop count but uses it only as a tie-breaker. Default maximum hop count is 100, configurable up to 255. Sends updates as broadcasts.

    Enhanced Interior Gateway Routing Protocol (EIGRP)
      Class: Advanced distance vector, interior
      Considered an advanced distance vector protocol. Uses the Diffusing Update Algorithm (DUAL). Sends triggered updates when necessary, and only the information that has changed rather than the entire routing table. Uses the same composite metric as IGRP (bandwidth and delay by default, configurable). Tracks hop count but uses it only as a tie-breaker. Default maximum hop count is 100, configurable up to 255. Sends updates to the multicast address 224.0.0.10.

    Open Shortest Path First (OSPF)
      Class: Link state, interior
      Sends triggered updates when necessary, and only the information that has changed. Uses a cost metric; on Cisco routers the cost is derived from interface bandwidth (reference bandwidth divided by interface bandwidth). Uses the two multicast addresses 224.0.0.5 (all OSPF routers) and 224.0.0.6 (designated routers).

    Border Gateway Protocol (BGP)
      Class: Path vector (an advanced form of distance vector), exterior
      Sends triggered updates when necessary, and only the information that has changed. Selects paths with a set of path attributes rather than a single metric. Runs over TCP port 179.


    Access List Syntax

    Direction
      Inbound: Interrogates packets as they arrive, before they are routed. A packet can be denied before CPU cycles are spent routing it.
      Outbound: Interrogates packets after they have been routed to the destination interface, so packets are discarded only after the routing work has been done. Default direction when an access list is applied to an interface.

    Every access list ends with an implicit deny of everything it does not explicitly permit, so a list containing only deny statements blocks all traffic.

    Standard
      Router(config)# access-list number {permit | deny} source-ip [wildcard-mask]
      number is in the range 1-99 or 1300-1999. Each line either permits or denies. Only the source IP address of the packet is examined. The wildcard mask lets a single line match a range of addresses; the default mask is 0.0.0.0. A wildcard mask of 0.0.0.0 is an exact match of the source IP address, and the word host can be substituted for it (host 10.1.1.1). A wildcard mask of 255.255.255.255 matches every address, and the word any can be substituted for source-ip plus that mask.

    Extended
      Router(config)# access-list number {permit | deny} protocol source-ip source-wildcard [operator source-port] destination-ip destination-wildcard [operator destination-port]
      number is in the range 100-199 or 2000-2699. Each line either permits or denies. Examines the IP header and the transport header: source and destination addresses, protocol, and ports. protocol can be ip, icmp, igrp, eigrp, ospf, udp, tcp, and others. The wildcard masks work as for standard lists, including the host and any keywords. Port numbers are optional and may only be given when the protocol is tcp or udp; they are in the range 0-65535. Operators are eq (equal), gt (greater than), lt (less than), neq (not equal), and range (a range of ports). For icmp, an ICMP type and code can be given in place of a port.

    Named
      Same matching rules as standard or extended lists, but identified by an alphanumeric string, with entries added in a sub-mode:
      Router(config)# ip access-list standard name
      Router(config-std-nacl)# {permit | deny} source-ip wildcard-mask
      or
      Router(config)# ip access-list extended name
      Router(config-ext-nacl)# {permit | deny} protocol source-ip source-wildcard [operator source-port] destination-ip destination-wildcard [operator destination-port]

    Interface
      Router(config-if)# ip access-group {number | name} {in | out}
      number or name is the access list being referenced (standard, extended, or named). in or out is the direction of packet flow through the interface in which the list is applied; out is the default.

    Virtual Terminal (VTY)
      Router(config)# line vty {vty-number | vty-range}
      Router(config-line)# access-class {number | name} {in | out}
      Restricts incoming (in) or outgoing (out) VTY connections to the addresses in the access list. A standard list is the usual choice, since only source addresses need to be matched.


    IP Access Lists

    Type       Numbers               Criteria                                                                       Location
    Standard   1-99, 1300-1999       Source IP address                                                              Close to the destination
    Extended   100-199, 2000-2699    Source and destination IP address, protocol number, source and destination     Close to the source
                                     port number
    Named      Alphanumeric string   Same as standard or extended                                                   Close to the destination (standard) or the source (extended)

    Wildcard Masks

    Mask               Must Match           Don't Care           Example (address = matched portion)
    0.0.0.0            Every octet          N/A                  172.16.10.1 = 172.16.10.1
    0.0.0.255          First three octets   Last octet           172.16.10.1 = 172.16.10.0
    0.0.255.255        First two octets     Last two octets      172.16.10.1 = 172.16.0.0
    0.255.255.255      First octet          Last three octets    172.16.10.1 = 172.0.0.0
    255.255.255.255    N/A                  Every octet          172.16.10.1 = 0.0.0.0
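    An evaluator for the numbered standard and extended syntax above, with wildcard masks and the implicit deny, as an added example that is not part of the original review sheet. It parses access-list lines in the form shown above (including the host and any keywords and the eq/gt/lt/neq/range operators) and reports which line a packet matched; the ACL lines and packets are constructed.

```python
"""Numbered standard/extended ACL parser and evaluator.
Added example, not from the original review sheet; sample ACL is constructed."""
from dataclasses import dataclass
from typing import Optional

OPERATORS = {                         # name -> (argument count, test)
    "eq": (1, lambda p, a: p == a[0]),
    "gt": (1, lambda p, a: p > a[0]),
    "lt": (1, lambda p, a: p < a[0]),
    "neq": (1, lambda p, a: p != a[0]),
    "range": (2, lambda p, a: a[0] <= p <= a[1]),
}


def ip_to_int(text: str) -> int:
    o = [int(x) for x in text.split(".")]
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr equals base on every bit the wildcard marks as 0 (must match)."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)


def port_match(port: Optional[int], op: Optional[str], args: tuple) -> bool:
    if op is None:
        return True
    return port is not None and OPERATORS[op][1](port, args)


@dataclass
class Entry:
    action: str                       # permit or deny
    protocol: str = "ip"              # ip matches every protocol
    src: str = "0.0.0.0"
    src_wc: str = "255.255.255.255"
    src_op: Optional[str] = None
    src_ports: tuple = ()
    dst: str = "0.0.0.0"
    dst_wc: str = "255.255.255.255"
    dst_op: Optional[str] = None
    dst_ports: tuple = ()


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str = "ip"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def _address(t: list, i: int) -> tuple:
    """Consume `any`, `host A`, `A WILDCARD`, or bare `A` (wildcard defaults to 0.0.0.0)."""
    if t[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if t[i] == "host":
        return t[i + 1], "0.0.0.0", i + 2
    if i + 1 < len(t) and t[i + 1].count(".") == 3:
        return t[i], t[i + 1], i + 2
    return t[i], "0.0.0.0", i + 1


def _operator(t: list, i: int) -> tuple:
    if i < len(t) and t[i] in OPERATORS:
        n = OPERATORS[t[i]][0]
        return t[i], tuple(int(p) for p in t[i + 1:i + 1 + n]), i + 1 + n
    return None, (), i


def parse_line(line: str) -> Entry:
    """Parse one `access-list NUMBER permit|deny ...` line."""
    t = line.split()
    number, action = int(t[1]), t[2]
    if 1 <= number <= 99 or 1300 <= number <= 1999:      # standard: source only
        src, wc, _ = _address(t, 3)
        return Entry(action, "ip", src, wc)
    src, swc, i = _address(t, 4)
    sop, sports, i = _operator(t, i)
    dst, dwc, i = _address(t, i)
    dop, dports, _ = _operator(t, i)
    return Entry(action, t[3], src, swc, sop, sports, dst, dwc, dop, dports)


def evaluate(acl: list, pkt: Packet) -> tuple:
    """First matching line wins; returns (action, index), index -1 = implicit deny."""
    for i, e in enumerate(acl):
        if e.protocol != "ip" and e.protocol != pkt.protocol:
            continue
        if not (wildcard_match(pkt.src, e.src, e.src_wc)
                and wildcard_match(pkt.dst, e.dst, e.dst_wc)):
            continue
        if e.protocol in ("tcp", "udp") and not (
                port_match(pkt.src_port, e.src_op, e.src_ports)
                and port_match(pkt.dst_port, e.dst_op, e.dst_ports)):
            continue
        return e.action, i
    return "deny", -1


# Constructed ACL: SSH to 10.1.1.5 only from 172.16.10.0/24; other traffic from 172.16/16 allowed.
SAMPLE_ACL = [parse_line(l) for l in """\
access-list 101 permit tcp 172.16.10.0 0.0.0.255 host 10.1.1.5 eq 22
access-list 101 deny tcp any host 10.1.1.5 eq 22
access-list 101 permit ip 172.16.0.0 0.0.255.255 any""".splitlines()]
```

    Because the first match wins, swapping the first two lines of SAMPLE_ACL would silently lock out the permitted subnet; the evaluator's returned index makes that kind of ordering mistake visible in a test.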

    Network Address Translation (NAT)

    Function: Marks the interface as connected to the inside
    Syntax:   Router(config-if)# ip nat inside

    Function: Marks the interface as connected to the outside
    Syntax:   Router(config-if)# ip nat outside

    Function: Establishes static translation between an inside local address and an inside global address
    Syntax:   Router(config)# ip nat inside source static local-ip global-ip

    Function: Defines a pool of global addresses to be allocated as needed
    Syntax:   Router(config)# ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

    Function: Establishes dynamic source translation to a pool based on the ACL
    Syntax:   Router(config)# ip nat inside source list access-list-number pool name

    Function: Establishes dynamic source translation to an interface based on the ACL
    Syntax:   Router(config)# ip nat inside source list access-list-number interface interface overload

    Function: Displays active translations
    Syntax:   Router# show ip nat translations

    Function: Displays translation statistics
    Syntax:   Router# show ip nat statistics

    Function: Clears all dynamic address translation entries
    Syntax:   Router# clear ip nat translation *

    Function: Clears a simple dynamic translation entry that has an inside translation or both inside and outside translation
    Syntax:   Router# clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]

    Function: Clears a simple dynamic translation entry that has an outside translation
    Syntax:   Router# clear ip nat translation outside local-ip global-ip

    Function: Clears an extended dynamic translation entry
    Syntax:   Router# clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]
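The table lists the commands but not what the router does with the translation table once overload is configured. The Python model below is an added example for these review notes, not Cisco code: it shows how the interface-overload form of dynamic NAT maps each permitted inside-local address and port to the single inside-global address with a unique port, how a reply is matched back on that port, how unsolicited inbound traffic with no entry is dropped, and what `clear ip nat translation *` empties. The addresses, the permitted inside range (standing in for the source ACL), the port-allocation rule (keep the host's own port, step up on a collision) and the `show`-style row layout are simplifications assumed here.

```python
"""NAT overload translation table, modelled in Python.

Added example for these CCNA review notes; it is not Cisco code. It shows what
'ip nat inside source list ACL interface <outside-if> overload' does to traffic:
inside-local (address, port) pairs that the ACL permits are rewritten to the one
inside-global address of the outside interface, each with a unique port, and a
reply arriving at that port is mapped back to the original host. Clearing the
table is the counterpart of 'clear ip nat translation *'. The addresses, the
permitted range, the port-allocation rule and the row layout are assumptions.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, str, int]          # (protocol, ip, port)


class PatTable:
    def __init__(self, inside_global: str, permitted_inside: str):
        self.inside_global = inside_global                          # address of the outside interface
        self.permitted = ipaddress.IPv4Network(permitted_inside)   # stands in for the source ACL
        self._by_inside: Dict[Flow, int] = {}                       # (proto, local ip, local port) -> global port
        self._by_global: Dict[Tuple[str, int], Tuple[str, int]] = {}  # (proto, global port) -> (local ip, local port)

    def _allocate_port(self, proto: str, wanted: int) -> int:
        """Assumed rule: reuse the host's own source port unless another host already holds it."""
        port = wanted
        while (proto, port) in self._by_global:
            port = port + 1 if port < 65535 else 1024
        return port

    def outbound(self, proto: str, src_ip: str, src_port: int) -> Optional[Tuple[str, int]]:
        """Translate a packet leaving through the outside interface.

        Returns the new (source ip, source port), or None when the source is not
        permitted by the ACL, in which case no entry is created and the packet
        leaves untranslated.
        """
        if ipaddress.IPv4Address(src_ip) not in self.permitted:
            return None
        key = (proto, src_ip, src_port)
        if key not in self._by_inside:                     # first packet of a flow creates the entry
            gport = self._allocate_port(proto, src_port)
            self._by_inside[key] = gport
            self._by_global[(proto, gport)] = (src_ip, src_port)
        return self.inside_global, self._by_inside[key]

    def inbound(self, proto: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Map a reply arriving at inside-global:dst_port back to the inside host; None means no entry, so it is dropped."""
        return self._by_global.get((proto, dst_port))

    def show_translations(self) -> List[str]:
        """Rows in the spirit of 'show ip nat translations': proto, inside global, inside local."""
        return [f"{proto} {self.inside_global}:{gport} {ip}:{port}"
                for (proto, ip, port), gport in sorted(self._by_inside.items())]

    def clear(self) -> int:
        """'clear ip nat translation *': drop every dynamic entry and return how many were removed."""
        n = len(self._by_inside)
        self._by_inside.clear()
        self._by_global.clear()
        return n


if __name__ == "__main__":
    # Constructed scenario: two inside hosts happen to pick the same source port.
    pat = PatTable(inside_global="203.0.113.2", permitted_inside="192.168.1.0/24")
    print(pat.outbound("tcp", "192.168.1.10", 51000))   # ('203.0.113.2', 51000)
    print(pat.outbound("tcp", "192.168.1.11", 51000))   # ('203.0.113.2', 51001) collision, next port
    print(pat.inbound("tcp", 51001))                    # ('192.168.1.11', 51000)
    print(pat.inbound("tcp", 9999))                     # None: unsolicited, no entry
    for row in pat.show_translations():
        print(row)
```

The two-host collision in the scenario is the whole reason overload works: the global port, not the global address, is what distinguishes the inside hosts, which is also why `show ip nat translations` lists a port with every inside global address.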


    WAN Connection Types

    Leased Line
    - A pre-established, private connection from one site to another through a provider's network
    - Also called a dedicated circuit or a dedicated connection
    - Always a point-to-point connection between two end points
    - Used when there is a constant flow of data, or when a dedicated amount of bandwidth is required
    - One router interface is connected to one destination site
    - Examples: PPP, HDLC

    Circuit Switching
    - A dial-up connection through a provider's voice-grade network
    - Either uses an analog modem or an ISDN connection
    - Used when only a slow-speed connection is needed, or when there is not much of a need to transfer a lot of data
    - One call establishes a circuit to one destination site
    - Examples: PPP, HDLC, SLIP

    Packet Switching
    - Each site only uses one physical connection into the provider's network; however, there may be multiple virtual circuits to various destinations
    - Typically less expensive than leased lines, because you are mixing various data streams across a single link
    - Used when a dedicated connection is needed, but cost savings is important
    - Examples: Frame Relay, X.25

    Cell Switching
    - Each site only uses one physical connection into the provider's network; however, there may be multiple virtual circuits to various destinations
    - Typically less expensive than leased lines, because you are mixing various data streams across a single link
    - Uses fixed-size packets called cells to achieve faster and more predictable transport through the network
    - Examples: ATM, SMDS

    High-Level Data Link Control (HDLC)
    - A Cisco-proprietary serial encapsulation
    - Allows multiple network-layer protocols to travel across
    - Default encapsulation for all serial interfaces on a Cisco router
    - One router interface only goes to one destination

    Point-to-Point Protocol (PPP)
    - An open-standard serial encapsulation
    - Allows multiple network-layer protocols to travel across
    - Allows optional link-layer authentication (CHAP or PAP)
    - One router interface only goes to one destination

    Serial Line Internet Protocol (SLIP)
    - An open-standard serial encapsulation
    - Allows only IP to travel across
    - One router interface only goes to one destination

    Frame Relay
    - A very popular packet switching standard
    - Uses switched virtual circuits (SVCs) or permanent virtual circuits (PVCs)
    - Allows multiple network-layer protocols to travel across
    - Each virtual circuit is a private channel between two end points
    - One router interface may have many virtual circuits, going to the same location or various locations

    X.25
    - An old, but still available, packet switching standard
    - Uses switched virtual circuits (SVCs) or permanent virtual circuits (PVCs)
    - Allows multiple network-layer protocols to travel across
    - Each virtual circuit is a private channel between two end points
    - One router interface may have many virtual circuits, going to the same


    Popular WAN Terms

    Customer Premise Equipment (CPE)
    - Network devices/equipment physically located at the customer's location/site
    - Customer is typically required to procure/maintain this equipment
    - Equipment could include routers and CSU/DSUs

    Central Office (CO)
    - The facility that provides WAN services to the customer
    - Source of analog phone service, ISDN service, DSL service, frame relay connections, X.25 connections, and leased lines

    Local Loop
    - The link from the provider's CO to the customer's demarc
    - Also called the last mile
    - Normally not more than a few miles

    Demarcation Point (Demarc)
    - The line between the customer site and the provider network
    - Inside of the demarc is the CPE
    - Outside of the demarc is the local loop

    Toll Network
    - The provider's network
    - Inside the WAN cloud
    - Typically smoke and mirrors to a customer

    ISDN Interface Types

    Basic Rate Interface (BRI)
    - 2 Bearer (B) channels, 64 Kbps data each
    - 1 control channel (D), 16 Kbps

    Primary Rate Interface (PRI)
    - 23 Bearer (B) channels, 64 Kbps data each across a T1 circuit, typically seen in North America and Japan
    - 30 Bearer (B) channels, 64 Kbps data each across an E1 circuit, typically seen in Australia and Europe
    - 1 control channel (D), 64 Kbps

    ISDN Device Types

    Device                       | Function
    Network Termination 1 (NT-1) | Converts BRI signals into a form used by the ISDN digital line
    Network Termination 2 (NT-2) | The aggregation point of ISDN services at a customer site
    Terminal Adapter (TA)        | Converts analog signals into BRI signals
    Terminal Endpoint 1 (TE-1)   | A device that has an ISDN interface, such as a router
    Terminal Endpoint 2 (TE-2)   | A device that does not have any ISDN interfaces and requires a TA to access the ISDN network, such as a PC

    ISDN Reference Points

    Reference Point | Function
    R               | The point between a non-ISDN device and the TA
    S               | The point between the TA and the NT-2, or between ISDN devices and the NT-2
    T               | The point between the NT-2 and the NT-1
    U               | The point between the NT-1 and the ISDN provider


    ISDN Protocols

    Series   | Function
    E-series | Recommend telephone network standards
    I-series | Deal with concepts, terminology, and general methods used within ISDN
    Q-series | Cover switching and signaling through the ISDN cloud

    Sample ISDN Commands

    Function: Configure the ISDN switch type
    Mode:     config
    Syntax:   Router(config)# isdn switch-type switch
    Notes:    switch types include basic-dms100, basic-5ess and basic-ni

    Function: Create a static route
    Mode:     config
    Syntax:   Router(config)# ip route network mask destination-ip
    Notes:    network is the other side of the ISDN cloud, since there is no dynamic routing protocol running across the ISDN network
              mask is the subnet mask to specify the distant network
              destination-ip is the IP address of the BRI interface of the remote site

    Function: Create a dialer list
    Mode:     config
    Syntax:   Router(config)# dialer-list number protocol protocol permit
    Notes:    number can be from 1 to 10
              protocol can be any protocol, such as IP or IPX

    Function: Access the BRI interface
    Mode:     config
    Syntax:   Router(config)# interface bri number

    Function: Assign SPID numbers
    Mode:     interface config
    Syntax:   Router(config-if)# isdn spid1 spid-number
    Notes:    spid-number is the logical circuit ID assigned by the ISDN provider
              there might be two SPID numbers, in which case the second one is referenced as spid2

    Function: Reference the dialer list
    Mode:     interface config
    Syntax:   Router(config-if)# dialer-group number
    Notes:    number is the dialer list created earlier

    Function: Create a map to point to and dial the remote site
    Mode:     interface config
    Syntax:   Router(config-if)# dialer map protocol destination-ip dial-number
    Notes:    protocol is the protocol being mapped across the ISDN cloud, such as IP or IPX
              destination-ip is the IP address of the BRI port on the other side of the ISDN cloud, specified by the static route
              dial-number is the ISDN phone number of the remote site


    Frame Relay Terms

    Local Access Rate
    - Connection rate between a frame relay site and the frame relay provider. Many virtual circuits run across a single access point.

    Virtual Circuit
    - Logical connection between two end points
    - Permanent Virtual Circuit (PVC): the circuit is always available, and the bandwidth for the circuit is always allocated
    - Switched Virtual Circuit (SVC): the circuit is built when needed, and the bandwidth is returned when the circuit is closed

    Data Link Connection Identifier (DLCI)
    - The local reference to one end of a virtual circuit. The DLCI numbers are assigned by the frame relay provider.

    Committed Information Rate (CIR)
    - The maximum allowed bandwidth through the PVC from one end to the other. Each PVC can have a unique CIR.

    Inverse Address Resolution Protocol (IARP)
    - The process of a frame relay device, such as a router, discovering the network-layer information about the devices at the other end of the PVCs.

    Local Management Interface (LMI)
    - Signaling between the frame relay device (the router) and the frame relay switch (the provider). LMI does not travel across the entire PVC from one end to the other.

    Sample Frame Relay Commands

    Function: Access the serial interface
    Mode:     config
    Syntax:   Router(config)# interface serial number

    Function: Change the encapsulation
    Mode:     interface config
    Syntax:   Router(config-if)# encapsulation frame-relay option
    Notes:    option can be either cisco (default) or ietf (open standard)

    Function: Specify the LMI type
    Mode:     interface config
    Syntax:   Router(config-if)# frame-relay lmi-type lmi-type
    Notes:    lmi-type can be cisco, ansi, or q933a
              this command is normally not needed, as the router will automatically sense the LMI type if configured by the provider

    Function: Assign the local DLCI
    Mode:     interface config
    Syntax:   Router(config-if)# frame-relay interface-dlci local-dlci
    Notes:    local-dlci is the DLCI number of the PVC that terminates on this interface. There can be more than one DLCI on an interface.
              this command is not needed with a major interface, since the router will automatically retrieve the DLCIs from the frame relay switch.

    Function: Create a sub-interface
    Mode:     config
    Syntax:   Router(config)# interface serial number.sub point-to-point or multipoint
    Notes:    point-to-point defines a subinterface that will only have one DLCI (interface-dlci command)
              multipoint defines a subinterface that may have more than one DLCI (interface-dlci command)

    Function: Create a static map
    Mode:     interface config
    Syntax:   Router(config-if)# frame-relay map protocol destination-ip local-dlci
    Notes:    protocol is the protocol being mapped across the frame relay cloud, such as IP or IPX
              destination-ip is the IP address of the frame relay interface at the other end of the PVC
              local-dlci is the local DLCI needed to access the remote site
              this command is not needed if inverse ARP is properly configured and the interface-dlci command is used